Update documentation of g_tls_client_connection_set_use_ssl3()

We now send the fallback SCSV, meaning use of this function will cause
modern servers to immediately terminate the connection, so let's warn
API users to expect that behavior and be crystal clear that this
function should only be used as a fallback when a normal connection
attempt has already failed.

Also, the documentation is mostly duplicated between the property and
the function, so let's just reference the function documentation from
the property.
Michael Catanzaro 2018-08-04 16:33:28 -05:00
parent 94a99ae917
commit 08fe93589e


@ -105,14 +105,7 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
* *
* If %TRUE, forces the connection to use a fallback version of TLS * If %TRUE, forces the connection to use a fallback version of TLS
* or SSL, rather than trying to negotiate the best version of TLS * or SSL, rather than trying to negotiate the best version of TLS
* to use. This can be used when talking to servers that don't * to use. See g_tls_client_connection_set_use_ssl3().
* implement version negotiation correctly and therefore refuse to
* handshake at all with a modern TLS handshake.
*
* Despite the property name, the fallback version is usually not
* SSL 3.0, because SSL 3.0 is generally disabled by the #GTlsBackend.
* #GTlsClientConnection will use the next-highest available version
* as the fallback version.
* *
* Since: 2.28 * Since: 2.28
* *
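Review bot: replacing the property text with a bare cross-reference drops two warnings from the `use-ssl3` property documentation: that the fallback version is usually not SSL 3.0 because the #GTlsBackend disables it, and that a modern server may immediately terminate the connection. The property can be set directly through GObject property APIs (e.g. g_object_set()) without the caller ever opening the g_tls_client_connection_set_use_ssl3() docs, so consider keeping one sentence here, for example "Use of this property may cause modern servers to terminate the connection; see g_tls_client_connection_set_use_ssl3() for details.", rather than only the "See ..." pointer.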
@ -304,14 +297,19 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
* @conn: the #GTlsClientConnection * @conn: the #GTlsClientConnection
* @use_ssl3: whether to use the lowest-supported protocol version * @use_ssl3: whether to use the lowest-supported protocol version
* *
* If @use_ssl3 is %TRUE, this forces @conn to use the lowest-supported * Since 2.42.1, if @use_ssl3 is %TRUE, this forces @conn to use the
* TLS protocol version rather than trying to properly negotiate the * lowest-supported TLS protocol version rather than trying to properly
* highest mutually-supported protocol version with the peer. This can * negotiate the highest mutually-supported protocol version with the
* be used when talking to broken TLS servers that exhibit protocol * peer. Be aware that SSL 3.0 is generally disabled by the
* version intolerance. * #GTlsBackend, so the lowest-supported protocol version is probably
* not SSL 3.0.
* *
* Be aware that SSL 3.0 is generally disabled by the #GTlsBackend, so * Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to
* the lowest-supported protocol version is probably not SSL 3.0. * be sent to the server, causing modern TLS servers to immediately
* terminate the connection. You should generally only use this function
* if you need to connect to broken servers that exhibit TLS protocol
* version intolerance, and when an initial attempt to connect to a
* server normally has already failed.
* *
* Since: 2.28 * Since: 2.28
* *
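Review bot: the new paragraph says the fallback SCSV "may additionally" be sent since 2.58, but the commit message states "We now send the fallback SCSV"; if the behaviour is unconditional the doc should say so, and if it depends on the #GTlsBackend in use that condition should be named, because the reader needs it to predict whether a connection will be cut off. The closing advice "when an initial attempt to connect to a server normally has already failed" is also awkward; "and only after a normal connection attempt has already failed" reads more clearly. Finally, the body now carries version markers ("Since 2.42.1", "Since 2.58") while the trailing tag still reads "Since: 2.28"; that is correct for the function itself, but the two inline markers would be easier to find as separate short paragraphs than folded into the middle of the sentences.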